Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
earned patent term adjustment. See 37 CFR 1.704(b).

1) [ ] Responsive to communication(s) filed on 2/10/05.

2a) [X] This action is FINAL. 2b) [ ] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

4) [X] Claim(s) 1-12 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-12 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

Application/Control Number: 09/749,159
Art Unit: 2134 

DETAILED ACTION 

1. Claims 1-12 are pending. 

Response to Arguments 

2. Applicant's arguments have been fully considered but they are not persuasive:
Applicant argues: 

For the claim limitation "a plurality of protected resources that are not stored within the
directory," the Examiner cites page 6, paragraph 5-6. This section of the cited art describes a
distributed directory, a directory where different parts of the directory are stored in different
locations. The Examiner then suggests that "resources may not be stored within the directory
because the directory itself can be decentralized or distributed." This statement lacks normal
logic. The Examiner seems to suggest that since the directory is decentralized, then resources in 
the remote directory portions are not in the directory. But even something that is decentralized 
has identifiable bounds and limits. And the bounds and limits of the distributed directory in 
Understanding LDAP includes all distributed portions of the directory. The cited document is the 
user's manual for the Lightweight Directory Access Protocol (LDAP). This manual deals with 
accessing resources that are within the directory, even if the directory is distributed. The cited 
document does not teach or even suggest protected resources outside the directory. 

The Examiner contends it is well known to those of ordinary skill in the art that in the purest 
technical sense, a resource can neither be stored nor contained within a directory, but merely 
associated. 

A directory is merely a concept of logical association, inherently incapable of storing resources.
Technically, all resources are necessarily "not stored or contained within the directory". 

However, the phrase "stored within the directory" or "stored within the folder" is frequently used 
by those of ordinary skill in the art to indicate a logical association with the folder although it is 
technically incorrect. The Examiner has interpreted Applicant's claims in view of the prevailing 
definition of the term in the art and the specification. 

All network directories, including the network directories used in LDAP, are "directories" or 
"folders" that a user may click on or enter to see the list of files located within it. The files or 
resources a user sees within a particular directory are proxy entries such that when a user clicks 
on the icon, the icon representing that resource (located elsewhere) is accessed. For example, 
when a user opens a folder (e.g., My Documents), and sees an array of icons, it is understood that
the icons themselves are not actually the files and resources the user is looking for, but rather
graphical representations, proxy entries, which allow the user to access the actual resources they
reference by double clicking on them.

It is by this logical association that a particular file is said to be "stored" within a directory. 




Applicant has also claimed in claim 1, a directory with a proxy of entries, and an application that 
is to invoke access to the actual resources through the proxy entries through a logical mapping of 
the entries with the resources. 

These limitations, "a directory that has a plurality of entries", and "a logical mapping that 
correlates each protected resource with a corresponding proxy entry" by definition means that 
these protected resources which applicant claims are indeed "stored" within the directory. They 
are logically associated in such a way as to be accessible from the directory.

However applicant has argued Understanding LDAP doesn't anticipate the invention because: 
"the bounds and limits of the distributed directory in Understanding LDAP includes all 
distributed portions of the directory... resources that are within the directory, even if the 
directory is distributed."

Applicant is arguing that the logical associations that define the directories exist for the 
distributed resources, regardless of the fact that the directory is distributed. Therefore the 
resources are still contained within the directory due to this logical association even though they 
may be located elsewhere. 

If it is true by the Applicant's arguments that the Examiner and others in the art are to interpret 
the boundaries of the directory by the presence of the logical associations among the resources, 
then Applicant's own claim also fails to satisfy the claimed condition where "a plurality of 
protected resources that are not stored or contained within the directory" since applicant's
limitations specifically define that the resources are in fact located in the directory by being 
accessible by logical association. (Applicant calls this "logical mapping") 

A directory is a logical association that associates files to a particular grouping from which the 
files are accessible. Applicant's argument is that the logical associations hold regardless of the 
distributed nature of the LDAP network, therefore, the file resources of LDAP do not satisfy the 
claimed limitation: 

"a plurality of protected resources that are not stored or contained within the directory" 
Yet applicant himself recites limitations in the claim that fail to satisfy that same limitation. 

Applicant's arguments are unpersuasive and the rejection of 5/20/04 is maintained. 

Claim Rejections - 35 USC §102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States.

Claims 1-12 are rejected under 35 U.S.C. 102(b) as being anticipated by "Understanding LDAP" 
by the International Technical Support Organization. 

In reference to claim 1:

"Understanding LDAP" discloses an apparatus comprising: 

• At least one processor 

• A memory coupled to the at least one processor (Page 5, paragraph 2) Where a processor 
and memory coupled to at least one processor is understood to be a part of the computer 
system in both the client and server. (Page 5, Figure 1) 

• A directory service server that accesses a directory that has a plurality of 
entries (understood to be a part of LDAP), the plurality of entries including at least one
proxy entry that contains security information for a corresponding protected resource, the 
directory service server including authentication and authorization functions that 
determine whether a selected one of the plurality of entries may be accessed, where the 
object has an access control list, and access is determined through this access control list. 
(Page 7, Section 1.1.4, Directory Security) & (Page 8, paragraph 1) 

• A plurality of protected resources that are not stored within the directory, where the 
resources may not be stored within the directory because the directory itself can be 
decentralized or distributed. (Page 6, paragraphs 5-6) 

• An application residing in the memory and executed by the at least one processor, the 
application including a logical mapping that correlates each protected resource with a 
corresponding proxy entry, the application determining whether the application is 
authorized to access a selected protected resource by invoking the authentication and 
authorization functions in the directory service server to determine whether the proxy 
entry corresponding to the selected resource may be accessed, and if so, the application 
accesses the selected protected resource, where the logical mappings that correlate with
the protected resources are LDAP entries, the application determining whether the 
application is authorized to access the resource is the software necessary in an LDAP 
server, and where the information is determined through an ACL. (Page 8, paragraph 1) 

In reference to claim 2: 

"Understanding LDAP" discloses the apparatus of claim 1 wherein the directory service server is a
Lightweight Directory Access Protocol (LDAP) server, and wherein the directory is an LDAP 
directory. 

In reference to claim 3: 

"Understanding LDAP" (Page 7, Section 1.1.4, Directory Security) - (Page 8, paragraph 1) 
discloses the apparatus of claim 1 wherein the application does not access the selected protected 
resource if the proxy entry corresponding to the selected resource cannot be accessed, where the 
resource cannot be accessed if the access right for that object in the directory is not granted. 

In reference to claim 4: 

"Understanding LDAP" (Page 7, Section 1.1.4, Directory Security) - (Page 8, paragraph 1) 
discloses a method for a directory service that contains a proxy entry corresponding to an 
external protected resource to provide authentication and authorization functions to a software 
application, where the directory service is LDAP which contains proxy entries corresponding to 
file resources which correspond to respective ACLs which, with the LDAP server software allow
for authentication and authorization functions, the method comprising the steps of: 
• When the software application needs to access the external protected resource, 
performing the steps of: 

o Identifying a proxy entry that corresponds to the external protected resource, 
where the objects are listed as LDAP entries such as that shown in (Page 18, 
Figure 5) 

o The software application requesting from the directory service access to the proxy 
entry that corresponds to the external protected resource, where the application is 
the client software necessary to allow the user to browse LDAP directories such 
as that listed on (Page 18, Figure 5) 

o If the directory service grants access to the proxy entry that corresponds to the 
external protected resource, the application accesses the external protected 
resource, where the entries requested are then accessed if permission is granted. 
(Page 4, Section 1.1.2 "Directory Clients and Servers") 

In reference to claim 5: 

"Understanding LDAP" (Page 7, Section 1.1.4, Directory Security) - (Page 8, paragraph 1) 
discloses the method of claim 4 further comprising the steps of: 

If the directory service denies access to the proxy entry that corresponds to the external protected 
resource, the application does not access the protected resource, where the resource cannot be 
accessed if the access right for that object in the directory is not granted. 






In reference to claim 6: 

"Understanding LDAP" (Page 7, Section 1.1.4, Directory Security) - (Page 8, paragraph 1)
discloses a method for a directory service to provide authentication and authorization functions 
to a software application, the method comprising steps of: 

• Determining which of a plurality of resources require protection, where determining 
which of a plurality of resources requires protection is determined by attaching an ACL to each
object. An object without an ACL for example, could be assumed to be accessible to 
anyone. 

• Creating a proxy entry in the directory service for each protected resource, where the 
proxy entry is a representation on the interface of the client software, of a resource on the 
server or a distributed system accessible by the server. (Page 18, Figure 5) 

• Generating a logical mapping that correlates each protected resource to its corresponding 
proxy entry, where a mapping is logically generated on the client interface in which the 
resource is not on the client system itself, but another system. (Page 18, Figure 5) 

• When the software application needs to access a selected protected resource, performing 
the steps of: 

o Using the logical mapping to identify a proxy entry that corresponds to the 
selected protected resource, where the logical mapping is from the directory 
entries on the client side to the resources on the server. (Page 6-7, Section 1.1.3 
"Distributed Directories") 

o The software application requesting from the directory service access to the
identified proxy entry, where the software is both the LDAP client and server. 

o If the directory service grants access to the identified proxy entry, the application 
accesses the selected protected resource, where the LDAP server must verify the 
user against the details in the ACL for the resource before granting access. (Page 
7, Section 1.1.4, Directory Security) - (Page 8, paragraph 1) 

In reference to claim 7: 

"Understanding LDAP" (Page 7, Section 1.1.4, Directory Security) - (Page 8, paragraph 1) 
discloses the method of claim 6 further comprising the step of: 

If the directory service denies access to the proxy entry that corresponds to the selected protected 
resource, the application does not access the selected protected resource, where the resource 
cannot be accessed if the access right for that object in the directory is not granted.
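
The proxy-entry check recited in claims 6 and 7, sketched as an added Python example; it is not part of the Office action or of "Understanding LDAP". The `DirectoryService` and `Application` classes, the DNs, principals and resource names are hypothetical, and an in-memory dictionary stands in for an LDAP server. Unlike the assumption noted under claim 6 that an object without an ACL could be accessible to anyone, this sketch denies access when the mapping or the ACL is missing.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class ProxyEntry:
    """Directory entry standing in for a resource kept outside the directory."""
    dn: str
    acl: Optional[frozenset] = None    # principals allowed access; None = no ACL attached


class DirectoryService:
    """In-memory stand-in for the directory service server (hypothetical, not an LDAP API)."""

    def __init__(self, entries):
        self._entries = {e.dn: e for e in entries}

    def may_access(self, principal, dn):
        entry = self._entries.get(dn)
        if entry is None or entry.acl is None:
            return False               # fail closed: unknown entry or entry without an ACL
        return principal in entry.acl


class Application:
    """Holds the logical mapping: protected resource -> proxy entry DN."""

    def __init__(self, directory, mapping, resources):
        self._directory = directory
        self._mapping = mapping
        self._resources = resources    # the external store, outside the directory

    def read(self, principal, resource_id):
        dn = self._mapping.get(resource_id)          # identify the proxy entry
        if dn is None:
            raise PermissionError(f"{resource_id}: no proxy entry mapped")
        if not self._directory.may_access(principal, dn):   # ask the directory service
            raise PermissionError(f"{resource_id}: denied for {principal}")
        return self._resources[resource_id]          # access only after a grant


def build_demo():
    # Constructed sample data: DNs, principals and resource ids are made up.
    directory = DirectoryService([
        ProxyEntry("cn=payroll-db,ou=proxies,o=example", frozenset({"uid=alice"})),
        ProxyEntry("cn=legacy-share,ou=proxies,o=example"),   # no ACL attached
    ])
    mapping = {"payroll-db": "cn=payroll-db,ou=proxies,o=example",
               "legacy-share": "cn=legacy-share,ou=proxies,o=example"}
    resources = {"payroll-db": "payroll rows", "legacy-share": "old files",
                 "unmapped-queue": "messages"}
    return Application(directory, mapping, resources)


def try_read(app, principal, resource_id):
    """Return the resource contents, or None when the proxy-entry check denies access."""
    try:
        return app.read(principal, resource_id)
    except PermissionError:
        return None
```
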

In reference to claim 8: 

"Understanding LDAP" (Page 5, Figure 1) & (Page 18, Figure 5) discloses the program product 
comprising: 

• A software application that uses a logical mapping that correlates a plurality of protected 
resources that are not stored or contained within the directory with corresponding proxy 
entries in a directory service that is managed by a directory service server (LDAP server),
the application determining whether the application is authorized to access a selected
protected resource by invoking authentication and authorization functions in the directory
service server to determine whether the proxy entry corresponding to the selected
resource may be accessed, and if so, the application accesses the selected protected 
resource, 

where a resource is logically mapped from the proxy in the client side representation of 
the server side resource, and is only accessed if a user is authenticated and authorized 
according to the permissions to the resource given in its ACL. (Page 7, Section 1.1.4 
Directory Security, paragraph 3) - (Page 8, 1st paragraph)
• Computer-readable signal bearing media bearing the software application, where the
signal bearing media bearing the software application is contained in the memory of the
client and server, as well as the hard drives, and the possible transmission media in the
communications between the client and the server. 

In reference to claim 9: 

"Understanding LDAP" discloses the program product of claim 8 wherein the signal bearing 
media comprises recordable media, where it is understood that signal bearing media may 
comprise recordable media such as hard disk drives, CD-R, floppy disks, or other magnetic 
media, all necessary in bearing the data signals when the data is accessed from the media. 



In reference to claim 10: 

"Understanding LDAP" discloses the program product of claim 8 wherein the signal bearing
media comprises transmission media, where it is understood that in order for data to be 
transmitted from the client to the server, that some transmission media is needed and used. 

In reference to claim 11: 

"Understanding LDAP" discloses the program product of claim 8 wherein the directory service 
server is a Lightweight Directory Access Protocol (LDAP) server, and wherein the directory is 
an LDAP directory. 

In reference to claim 12: 

"Understanding LDAP" discloses the program product of claim 8 wherein the application does 
not access the selected protected resource if the proxy entry corresponding to the selected 
resource cannot be accessed. 

(Page 7, Section 1.1.4 Directory Security, paragraph 3) - (Page 8, 1st paragraph)



Conclusion 

4. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy 
as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of the final action and the advisory action is not mailed until after
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period
will expire on the date the advisory action is mailed, and any extension pursuant to 37 CFR
1.136(a) will be calculated from the mailing date of the advisory action. In no event, however,
will the statutory period for reply expire later than SIX MONTHS from the mailing date of this 
final action. 

5. Any inquiry concerning this communication from the examiner should be directed to 
Thomas M Ho whose telephone number is (571)272-3835. The examiner can normally be 
reached on M-F from 9:30 AM - 6:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor,
Gregory A. Morse can be reached on (571)272-3838.

The Examiner may also be reached through email through Thorny

Any inquiry of a general nature or relating to the status of this application or proceeding should
be directed to the receptionist whose telephone number is (571)272-2100.

General Information/Receptionist Telephone: 571-272-2100 Fax: 703-872-9306 
Customer Service Representative Telephone: 571-272-2100 Fax: 703-872-9306 



March 11th, 2005



TMH 




